How to Activate the Vista Administrator – /Active:Yes

How to Activate the Vista Administrator – /Active:Yes

Not many people know that Vista has a hidden super-user account. I will show you how to activate this Vista Administrator account via a ‘Net User’ command. One benefit of logging on as this super account is that you will never be prompted for the nagging UAC dialog box.

Key decision – decide if you need a password for the administrator’s account that you are going to activate. My point is that the local policy may insist on a complex password, thus you will not be able to activate the administrator with a blank password. This technique also works on Windows Server 2008, however on that operating system it is more likely you will set /active:no.

Overview

Logon to Vista using your usual account.

Launch the cmd prompt – Make sure you select, ‘Run as administrator’

Net user administrator p@ssw0rD

Net user administrator /active:yes

Switch User, or logoff

Logon as Administrator: Password p@ssw0rD (Your password may be different!)

Detailed Instructions to Activate the Administrator

Logon to Vista using your normal username and password.

Click on the Start button

Click on Start Search.

Type,cmd.

Right-click cmd, select ‘Run as administrator’ from the shortcut menu.

In the black ‘DOS box’, type the following at the command line:Net help user

The idea of the last command is just to observe the options for Net User. In particular, examine the syntax to set the password.

The next instruction is the crucial command. I have chosen password = p@ssw0rD, you may want to choose different characters.

Net user administrator p@ssw0rd

Net user administrator /active:yes

Check the message : The command completed successfully

Switch User, or logoff

Logon as Administrator Password p@ssw0rD (Your password may be different!)

Trap1: There should be no space between the word ‘active’ and the colon.

SolarWinds’ Orion performance monitor will help you discover what’s happening on your network. This utility will also guide you through troubleshooting; the dashboard will indicate whether the root cause is a broken link, faulty equipment or resource overload.

What I like best is the way NPM suggests solutions to network problems. Its also has the ability to monitor the health of individual VMware virtual machines. If you are interested in troubleshooting, and creating network maps, then I recommend that you try NPM now.

The main benefit of activating this hidden Vista Administrator is so that you have access to an account, which does not suffer from the annoying UAC dialog box. Although it is possible to suppress the UAC with a local policy, there is a lingering fear that security is being weakened. Another worry is that rumours persist that some commands don’t work properly if you turn off the UAC.

Linked to the benefit of suppressing the UAC dialog box is the fact that this Administrator account has elevated privileges. What this means is that if your run CMD you don’t have to ‘Run as administrator’ before you get unrestricted access to the command line.

Another benefit of knowing this method is to keep the hidden Vista administrator account as a ‘back door’, for example, if you inadvertently lock out your main account. Sitting there at your computer, you can never believe that you will be so foolish as to lock yourself out, yet logic dictates that somewhere in the world, someone has just done that: locked themselves out of Vista. Would not they like to know how to activate the administrator account?

Naturally, it is a case of administrator by name and administrator by function, this super user is a member of the Local Administrator’s group. In many ways this super Administrator account reminds me of the Unix root account. As I am not a ‘professor’ of Unix I do not know if you can hide root, but you can hide Vista’s administrator account with this command:

Activating this super account provides a good opportunity to examine where you can configure Vista’s accounts. Click on the Start button, Control Panel and select –> User Accounts: My point is that you can check in the GUI whether accounts have activated successfully. /Active:yes the account is visible. /active:no the User Name disappears from the list below.

Trap: Before you can make ANY changes to ANY account, you must make sure that this box is ticked:‘Users must enter a user name and password to use this computer’. See screenshot below.

I like the Permissions Monitor because it enables me to see WHO has permissions to do WHAT at a glance. When you launch this tool it analyzes a users effective NTFS permissions for a specific file or folder, and takes into account network share access, then displays the results in a nifty desktop dashboard!

Think of all the frustration that this free SolarWinds utility saves when you are troubleshooting authorization problems for user’s access to a resource. Give this permissions monitor a try – it’s free!

Hidden Administrator’s SID

Every Windows account has a unique Security Identifier, or SID for short. It has been a traditional for THE administrator’s account to have a SID ending in 500. I was surprised therefore, not to see any such SID number in Vista – until I activated the hidden administrator. When I launched regedit and checked the HKEY_USERS, there was the famous SID ending in 500 (S-1-5-20-2344314121-13413-500), and it corresponded to the recently activated administrator’s account.

One puzzle remained, if, when you initially logon to Vista, can you create (as opposed to activate) an account called Administrator.

John Wolfe came up with the answer. ‘When I tried to name the original account as Administrator. I was told that the "Account already exists" ‘.

My point is that you cannot have two accounts with the same name, and unlike previous operating systems, before you can logon to Vista you must first create an account.

One reason to activate the hidden Vista Administrator account is so that you are no longer nagged by the UAC (User Account Control) prompt. The procedure is straightforward, just head for the cmd prompt and type:Net user administrator /active:yes.

The only trap is that many systems require a complex password so that you need to add a password to the command string thusNet user administrator p@ssw0rdThenNet user administrator /active:yes